Cross site request forgery (csrf)

2018-01-0822:29:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.9%

JSON

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.

CPENameOperatorVersion
magentolt2.0.10
magentoge2.1.0
magentolt2.1.2
magentolt2.0.10
magentoge2.1.0
magentolt2.1.2

Name	Operator	Version
magento	lt	2.0.10
magento	ge	2.1.0
magento	lt	2.1.2
magento	lt	2.0.10
magento	ge	2.1.0
magento	lt	2.1.2

References

magento.com/security/patches/magento-2010-and-212-security-update